serve.zone/onebox
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

feat: add dcrouter external gateway sync

Browse Source
This commit is contained in:
Jürgen Kunz
2026-04-29 15:24:25 +00:00
parent 1f3705fa25
commit 7ee740695f
12 changed files with 643 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ts/classes/external-gateway.ts
+352
View File
@@ -0,0 +1,352 @@
import * as plugins from '../plugins.ts';
import { logger } from '../logging.ts';
import { getErrorMessage } from '../utils/error.ts';
import { OneboxDatabase } from './database.ts';
import type { IDomain, IService } from '../types.ts';
type TWorkHosterType = 'onebox';
interface IExternalGatewayConfig {
url: string;
apiToken: string;
workHosterId: string;
targetHost?: string;
targetPort?: number;
}
interface IWorkHosterDomain {
name: string;
capabilities?: {
canCreateSubdomains: boolean;
canManageDnsRecords: boolean;
canIssueCertificates: boolean;
canHostEmail: boolean;
};
}
interface IWorkAppRouteOwnership {
workHosterType: TWorkHosterType;
workHosterId: string;
workAppId: string;
hostname: string;
}
interface IWorkAppRouteSyncResult {
success: boolean;
action?: 'created' | 'updated' | 'deleted' | 'unchanged';
routeId?: string;
message?: string;
}
interface IDcRouterCertificateExport {
success: boolean;
cert?: {
id: string;
domainName: string;
created: number;
validUntil: number;
privateKey: string;
publicKey: string;
csr: string;
};
message?: string;
}
interface IDcRouterRouteConfig {
name: string;
match: {
ports: number[];
domains: string[];
};
action: {
type: 'forward';
targets: Array<{ host: string; port: number }>;
tls: {
mode: 'terminate';
certificate: 'auto';
};
websocket: {
enabled: boolean;
};
};
}
export class ExternalGatewayManager {
private database: OneboxDatabase;
constructor(private oneboxRef: any) {
this.database = oneboxRef.database;
}
public async init(): Promise<void> {
if (!(await this.isConfigured())) {
logger.info('External dcrouter gateway not configured');
return;
}
await this.syncDomains();
}
public async isConfigured(): Promise<boolean> {
const config = await this.getConfig({ requireTarget: false });
return Boolean(config);
}
public async syncDomains(): Promise<IDomain[]> {
const config = await this.requireConfig({ requireTarget: false });
const response = await this.fireDcRouterRequest<{ domains: IWorkHosterDomain[] }>(
'getWorkHosterDomains',
{},
config,
);
const activeDomainNames = new Set<string>();
const now = Date.now();
for (const gatewayDomain of response.domains) {
const domainName = gatewayDomain.name.trim().toLowerCase();
if (!domainName) continue;
activeDomainNames.add(domainName);
const existingDomain = this.database.getDomainByName(domainName);
const defaultWildcard = gatewayDomain.capabilities?.canIssueCertificates !== false;
if (existingDomain) {
this.database.updateDomain(existingDomain.id!, {
dnsProvider: 'dcrouter',
isObsolete: false,
defaultWildcard,
updatedAt: now,
});
} else {
this.database.createDomain({
domain: domainName,
dnsProvider: 'dcrouter',
isObsolete: false,
defaultWildcard,
createdAt: now,
updatedAt: now,
});
}
}
for (const domain of this.database.getDomainsByProvider('dcrouter')) {
if (!activeDomainNames.has(domain.domain)) {
this.database.updateDomain(domain.id!, {
isObsolete: true,
updatedAt: now,
});
}
}
logger.success(`Synced ${activeDomainNames.size} domain(s) from external dcrouter gateway`);
return this.database.getDomainsByProvider('dcrouter');
}
public async syncServiceRoute(service: IService): Promise<void> {
if (!service.domain) return;
const config = await this.getConfig({ requireTarget: true });
if (!config) return;
const result = await this.fireDcRouterRequest<IWorkAppRouteSyncResult>(
'syncWorkAppRoute',
{
ownership: this.buildOwnership(service, service.domain, config),
route: this.buildRoute(service, config),
enabled: service.status === 'running',
},
config,
);
if (!result.success) {
throw new Error(result.message || `dcrouter route sync failed for ${service.domain}`);
}
logger.success(`External gateway route ${result.action || 'synced'} for ${service.domain}`);
await this.importCertificateForDomain(service.domain).catch((error) => {
logger.debug(`External gateway certificate import skipped for ${service.domain}: ${getErrorMessage(error)}`);
});
}
public async deleteServiceRoute(service: Pick<IService, 'id' | 'name' | 'domain'>): Promise<void> {
if (!service.domain) return;
const config = await this.getConfig({ requireTarget: false });
if (!config) return;
const result = await this.fireDcRouterRequest<IWorkAppRouteSyncResult>(
'syncWorkAppRoute',
{
ownership: this.buildOwnership(service, service.domain, config),
delete: true,
},
config,
);
if (!result.success) {
throw new Error(result.message || `dcrouter route delete failed for ${service.domain}`);
}
logger.info(`External gateway route ${result.action || 'deleted'} for ${service.domain}`);
}
public async importCertificateForDomain(domain: string): Promise<boolean> {
const config = await this.getConfig({ requireTarget: false });
if (!config) return false;
const result = await this.fireDcRouterRequest<IDcRouterCertificateExport>(
'exportCertificate',
{ domain },
config,
);
if (!result.success || !result.cert) {
return false;
}
const now = Date.now();
const existingCertificate = this.database.getSSLCertificate(domain);
if (existingCertificate) {
this.database.updateSSLCertificate(domain, {
certPem: result.cert.publicKey,
keyPem: result.cert.privateKey,
fullchainPem: result.cert.publicKey,
expiryDate: result.cert.validUntil,
updatedAt: now,
});
} else {
await this.database.createSSLCertificate({
domain,
certPem: result.cert.publicKey,
keyPem: result.cert.privateKey,
fullchainPem: result.cert.publicKey,
expiryDate: result.cert.validUntil,
issuer: 'dcrouter',
createdAt: now,
updatedAt: now,
});
}
await this.oneboxRef.reverseProxy.reloadCertificates();
logger.success(`Imported external gateway certificate for ${domain}`);
return true;
}
private async getConfig(options: { requireTarget?: boolean } = {}): Promise<IExternalGatewayConfig | null> {
const url = this.normalizeUrl(this.database.getSetting('dcrouterGatewayUrl') || '');
const apiToken = await this.database.getSecretSetting('dcrouterGatewayApiToken');
if (!url || !apiToken) {
return null;
}
const config: IExternalGatewayConfig = {
url,
apiToken,
workHosterId: this.ensureWorkHosterId(),
};
if (options.requireTarget !== false) {
config.targetHost = this.database.getSetting('dcrouterTargetHost')
|| this.database.getSetting('serverIP')
|| undefined;
const targetPort = this.parsePort(
this.database.getSetting('dcrouterTargetPort')
|| this.database.getSetting('httpPort')
|| '80',
);
config.targetPort = targetPort;
if (!config.targetHost) {
throw new Error('dcrouterTargetHost or serverIP must be configured for external gateway route sync');
}
}
return config;
}
private async requireConfig(options: { requireTarget?: boolean } = {}): Promise<IExternalGatewayConfig> {
const config = await this.getConfig(options);
if (!config) {
throw new Error('External dcrouter gateway is not configured');
}
return config;
}
private normalizeUrl(url: string): string {
const trimmedUrl = url.trim().replace(/\/+$/, '');
if (!trimmedUrl) return '';
if (/^https?:\/\//.test(trimmedUrl)) return trimmedUrl;
return `https://${trimmedUrl}`;
}
private parsePort(portValue: string): number {
const port = Number(portValue);
if (!Number.isInteger(port) || port < 1 || port > 65535) {
throw new Error(`Invalid dcrouter target port: ${portValue}`);
}
return port;
}
private ensureWorkHosterId(): string {
let workHosterId = this.database.getSetting('dcrouterWorkHosterId');
if (!workHosterId) {
workHosterId = crypto.randomUUID();
this.database.setSetting('dcrouterWorkHosterId', workHosterId);
}
return workHosterId;
}
private buildOwnership(
service: Pick<IService, 'id' | 'name'>,
hostname: string,
config: IExternalGatewayConfig,
): IWorkAppRouteOwnership {
return {
workHosterType: 'onebox',
workHosterId: config.workHosterId,
workAppId: service.name || `service-${service.id}`,
hostname,
};
}
private buildRoute(service: IService, config: IExternalGatewayConfig): IDcRouterRouteConfig {
return {
name: this.routeName(service.domain!),
match: {
ports: [443],
domains: [service.domain!],
},
action: {
type: 'forward',
targets: [{ host: config.targetHost!, port: config.targetPort! }],
tls: {
mode: 'terminate',
certificate: 'auto',
},
websocket: {
enabled: true,
},
},
};
}
private routeName(domain: string): string {
return `onebox-${domain.replace(/[^a-zA-Z0-9]+/g, '-').replace(/^-|-$/g, '')}`;
}
private async fireDcRouterRequest<TResponse>(
method: string,
requestData: Record<string, unknown>,
config: IExternalGatewayConfig,
): Promise<TResponse> {
const typedRequest = new plugins.typedrequest.TypedRequest<any>(
`${config.url}/typedrequest`,
method,
);
return await typedRequest.fire({
...requestData,
apiToken: config.apiToken,
}) as TResponse;
}
}